launcher[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

launcher.exe
Size

11.8MB
MD5

cdd5a597fc8425416fe518626700d289
SHA1

a8d7f957ebea1f12e533fc372c73c7c85967b2f0
SHA256

ded255caffb102bf51a9a9bd795287e02f9b2063d08d51cfe66fce7428271dbd
SHA512

74e0d8f44d6ec0939a2b2989c4c61e4502bb234103887e7b4f4a09d443cf4bd576b45378e9f7004b1fc54d3c478fa998bb82cc8b52e1d22a852a1f9210ef783a
SSDEEP

196608:V3iKIkH8RH8QCH0z08tIsFop6DK9E17YIGlHMKAG9HYpUHFH8hVaA64K0vUTihOF:MTN8QCH0I8tXFow9YXGWuUHFHW64K0R4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
launcher.exe

Files

launcher.exe
.exe windows x64

7963d3a67cfe4f19646b23c68d457d1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualProtect
GetVersion
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

msvcp140

?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception

api-ms-win-crt-stdio-l1-1-0

_fseeki64

api-ms-win-crt-filesystem-l1-1-0

_unlock_file

api-ms-win-crt-runtime-l1-1-0

_exit

api-ms-win-crt-heap-l1-1-0

realloc

api-ms-win-crt-string-l1-1-0

_stricmp

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

user32

CharUpperBuffW

Exports

Exports

��5��x��8�Q��sd��Y�J�Sr��[��H�:%��W��u9��T*�K< ��I�:�O�(:��jԢb0Mٹ�f"�a��쾑�Gj�A ��4�P��w3�_�c4�Z�o�b�f�\�#ce��J��1p'#�_��V��QxU)��{{~��b�)��;�� r�ʱ��"5J��E~�_x��v�>�M2ѯ�v�%�5Cz~;�9��w(�̹<�U&lc�ζ-!`��l� ߝ�$�Z��UU�2�\��'�"h��^�;�ڸIlN2R��$z�󛣞t�.��b��n�91��zjE�8��J��v��OM�5�n�o��\�V�F+�v �\��@E�%~ ��Ga��0z��\#})n �Y��f�T�GK�cg�Ӗs'�J +�N��U�<��X�� Jv�C� ��B�:��HHyv��~E��SԬms� o�p(h��rM.�|��9�4��d�S%`.�\�i�{�n��4?��9�K�be5M}Rru,��_�S%:��=�f��1��SW�%�n�9]��^O6��,[��hy��9ޕ��Cx� [� ��{f��@��o�߫mn��M �{? �c�#Q�<,|��)8{�g ��у�و�h��p��D�D��Ho��?�=��4��Wx��n��ZB'fK�1��K�rM�64��i��#��("-$��fC2��8��[)�פ8�^��2j0�n��,�սe$��V�4G~��kk��C��*�ң�� gz�xcLj�]��&�aE��H�/t��Nf��S�.��˴י��ewc�p��^�ԯB9C��h9��[I[q��^��j�Xf-�"�_��6�A��V��՞�� x`��?��۪�1�Nn��.4�� (��c�ԑ6Qm�B `#�+��"��}%a1�� Q��,9��ruWB��F��xt��<c�xW�Q��I�-,�Ñ"��Ӷ��!`!讖��n�ĭ�U��*��7��&7ϒ�:-�a&��4��~ 5�tfOW�C6XIO��2�G$Z��s�"�Q�#%-'?�R�`�F��W�B]��*΋>c��B��3��u��KW��򲩋��èbbϞ��c�я�dm��6��'��ʉ-8�O�� )ԗ��kZ�� E��>x��Y��T��C��I^�� :pB��s �|��ǗP&��MCs�ߊ�>ܹmA�{ֽ�� dga]��)�=�m��Q��n��\�W�� &?;��E��&H JD��;�3m�Q0��N�F�WY�09�}FN��0�NO�xc��@��X�zns� !nM�#��B�k쟆% {��p24�8�/}o�}-��)��}x��U�%�>��'�W�A;��ڔ�vV�8�$8]� �L�A��%��p�S�g�X��Z�(k�T/@up��ȇ]8g=pY�!=S��~��N�ǌ,u��g� ��;��-�?Y%��c�Vn��/�'�ǑNNv�{�h��m+�z�M{܌<T��uǻ> bW��׫CF�a� F$�O��],!>i��;N��x��v��x7�c��D�ѓ7Q�"��vL�e��ےjRk��ʥ��A!3��"�_s�R2"�^��(UJu��A.Ѥ�� oǦ�� ͏#�}'+u>(� 0��'��N��5mS�f�0��F8�0�C��S�Z,X�#�>�Wn7 U��.0�j�O��dO�4��S��ͶT�-�L;T�"��]d��jLj��D�R�A��$��\��XH2�o�c��[6�� ݌6!>U��U��@�,2��We��%��Le�S��_�~u6��OR��+�>y��O��g��0��,��^!1ѥ^�|�R�Y��!��w0q�AhKcF"!�3d��;2�b�c��/��r�y% 3O�<��*Nm�N�ϩ�`|ꦷ�� `Ϝ�ɬ�N��ڌE�=Y�+�e}�{�P�J�]-g��c?}�1vO��wY��>�ě�\0�{��}ʜb`�� Gm��h^)��v�G?��3h��[-��M��pK��%R4 -��x�9V3MN�U3b��w?5_$!�J�:R.��J�2̸%p��Զ�(B/��y��s��׻��4ag��p� �^m$!݋~��m��e��F�� ּ��r# wO 2��!�jk̼*�L5'�mqE��2��َXs�,\��zxAS��=#�-�tW)�$4'��Y��f� �1T(=l�@/l�-��8a;��a�#�9*��ˈl[��G�j��ƅ� ��>�/>}n �s�M!n<#��=𒭂�*��qAC:�� &�z�t:�yz��v7��Xn�l^`��0� �1"1��iۆ�λ��j�\|��8�Sc�Ɗ��m[��ʮ�p�N ��qR�܌{�Z��vL�y��f�s�5��Դ��M�H��4�8�Ӈ��9��.c��@^+HZdc1R�}0!A��&�Ŗ�K�|%L ��v�� q�/E�b��&��Ky� }H��WT8�nL�� &��v�� dv<��2�E�n��&�oo�O��TO`׉z�S�� n]�!l_�A�U��kF��(]䆽:��(�/{;a�˛ڤ3��Õ�Il�V�8f��8{ӡŶ��+9��cR��YT��a!��d� ��7׿,=��ԉi�yV%q�)�p(ޥ4�q��ws�f3�G�� nS�ü_VyNS��:z+��n�|Ѕ��X(��,��8��n�6lEA��V��x�

Sections

.text
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 11.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pedrin0
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pedrin1
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pedrin2
Size: 11.8MB - Virtual size: 11.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7963d3a67cfe4f19646b23c68d457d1e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

user32

Exports

Exports

Sections

.text Size: - Virtual size: 15KB

.rdata Size: - Virtual size: 10KB

.data Size: - Virtual size: 11.8MB

.pdata Size: - Virtual size: 1KB

.pedrin0 Size: - Virtual size: 3.2MB

.pedrin1 Size: 3KB - Virtual size: 2KB

.pedrin2 Size: 11.8MB - Virtual size: 11.8MB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 15KB

.rdata
Size: - Virtual size: 10KB

.data
Size: - Virtual size: 11.8MB

.pdata
Size: - Virtual size: 1KB

.pedrin0
Size: - Virtual size: 3.2MB

.pedrin1
Size: 3KB - Virtual size: 2KB

.pedrin2
Size: 11.8MB - Virtual size: 11.8MB

.rsrc
Size: 512B - Virtual size: 480B